How is data secured in transit?

HubSpot integrations require cloud-based communication. Why? Because HubSpot is cloud-based software, and all data is integrated with HubSpot via its API. All integration data is secured in transit using SSL.

How is data secured at rest?

Lynton does not store integrated data outside of the integrated systems. Integrations are point-to-point only -- we simply move the data from point A to point B. 

How do you integrate with on-premise systems, such as those behind a corporate firewall?

Lynton supports on-premise systems. The two most common options include:

  1. If the system has an API and is not public-facing (available from the internet), your IT security team can add a rule to the firewall. Our integration server uses a select few dedicated IP addresses, so the firewall can allow our integration server to connect to your system's API.
  2. If the system does not have an API (such as a local database or file system), or if your IT security team does not want to alter the firewall rules, Lynton offers an on-premise integration agent that is installed on your corporate network as a Windows Service. This agent has a number of benefits, including:
    • Automatically updates itself.
    • Communicates with all third-party APIs (such as HubSpot) from within your local network. Your IT security team or network administrator can therefore monitor and audit data in transit at any time.
    • The ability to install agents on development, UAT, or production servers.
    • Cloud-based monitoring via our managed service layer, meaning your team rarely needs to perform maintenance on the agent. Changes to the agent are not required when Lynton makes changes to integration logic or field mappings.

However, there are some downsides to the agent, mainly that the integration will fail if the agent's server goes down. 

Where is the integration hosted?

The integration is hosted in US-based data centers on Amazon AWS and Microsoft Azure servers and services. A European data center is available upon request.

Are you SOC2 compliant?

We do use SOC2 compliant systems for our integrations. Customers may request a copy of our SOC2 report under mutual NDA.

How do you integrate sensitive data, especially for organizations subject to regulations such as HIPAA, GDPR, etc.?

HubSpot's terms of service do not allow storing personally identifiable information (PII) in its software, and HubSpot is not HIPAA compliant. We support integrations with highly sensitive data, including companies subject to HIPAA compliance as well as financial institutions. How do we do this?

  • We recommend creating a tightly defined security role for the integration (note: additional project costs may apply to support your custom security role). The security role can be designed to control the exact scope of records, fields, and operations. This way, sensitive data isn't visible to the integration and certainly isn't synced with HubSpot. Your security team will be responsible for creating and maintaining the security role.
  • The integration should not sync PII, PHI, or other sensitive data to HubSpot. 
  • If sensitive data needs to be available to HubSpot users (such as in Sales Hub or Service Hub), Lynton can build a custom HubSpot Extension that displays the sensitive data to users without storing it in HubSpot. The data can be displayed to authorized users only and is retrieved via secure SSL methods.
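
One way to enforce the record, field, and operation scoping described in the bullets above, shown as an added example (not Lynton's or HubSpot's code): a default-deny projection applied before anything is synced. The role definition, field names, patterns, and sample record are all hypothetical and constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    # record type -> fields the integration may read; anything not listed is denied
    fields: dict
    operations: frozenset = frozenset({"read"})


class ScopeError(Exception):
    """Raised when a request falls outside the role's records or operations."""


# Value-level tripwire: catches sensitive data typed into an otherwise allowed field.
SENSITIVE_PATTERNS = {
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card_number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}

# Hypothetical role: contacts only, read only, four non-sensitive fields.
ROLE = Role(fields={"contact": ("first_name", "email", "notes", "lifecycle_stage")})

# Constructed sample record from the source system.
SAMPLE_RECORD = {
    "first_name": "Ana",
    "email": "ana@example.com",
    "ssn": "123-45-6789",               # never allowlisted, dropped silently
    "diagnosis": "constructed value",   # never allowlisted, dropped silently
    "notes": "SSN on file 123-45-6789",  # allowlisted, but value trips the check
    "lifecycle_stage": "customer",
}


def project_record(role, record_type, operation, record):
    """Return (payload, findings): allowlisted fields only, flagged values withheld."""
    if operation not in role.operations:
        raise ScopeError(f"operation {operation!r} not granted to this role")
    if record_type not in role.fields:
        raise ScopeError(f"record type {record_type!r} is out of scope")
    payload, findings = {}, []
    for name in role.fields[record_type]:
        if name not in record:
            continue
        value = record[name]
        hits = [label for label, rx in SENSITIVE_PATTERNS.items()
                if isinstance(value, str) and rx.search(value)]
        if hits:
            findings.append((name, hits))  # withhold and report for review
        else:
            payload[name] = value
    return payload, findings
```

The findings list is what a security team would route to review, since a free-text field is the usual way sensitive values slip past a field allowlist.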